[Security Announce] [ MDKSA-2007:086 ] - Updated cups packages fix DoS vulnerability
Posted on: 04/17/2007 01:40 AM

The Mandriva Security Team has published a new security update for Mandriva Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:086
http://www.mandriva.com/security/
_______________________________________________________________________

Package : cups
Date : April 16, 2007
Affected: 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

A flaw was discovered in how CUPS handled SSL negotiation that could
allow a remote attacker capable of connecting to the CUPS daemon to
cause a DoS to other CUPS users.

Updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0720
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
58148107fd3c3a3a58cf40893f210d19 2007.0/i586/cups-1.2.4-1.2mdv2007.0.i586.rpm
facc569515fe2bfb4cd486c97933db38 2007.0/i586/cups-common-1.2.4-1.2mdv2007.0.i586.rpm
4d098ae29c18349d340358a8dd34dd71 2007.0/i586/cups-serial-1.2.4-1.2mdv2007.0.i586.rpm
170742c5f714668e61e86f8c81a8b4ed 2007.0/i586/libcups2-1.2.4-1.2mdv2007.0.i586.rpm
5f0235cecf775ca3fe56ec84cc84d20f 2007.0/i586/libcups2-devel-1.2.4-1.2mdv2007.0.i586.rpm
bd0b0eca41194be209e4241d719e1599 2007.0/i586/php-cups-1.2.4-1.2mdv2007.0.i586.rpm
dfee0796289f4931ce50315338a9039a 2007.0/SRPMS/cups-1.2.4-1.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
f6ff5e5b6974a5643e95d25064a0d376 2007.0/x86_64/cups-1.2.4-1.2mdv2007.0.x86_64.rpm
000003ae00365d65f11d2ba66e23f497 2007.0/x86_64/cups-common-1.2.4-1.2mdv2007.0.x86_64.rpm
abd32c1b9604f1b37a2aa2b0d388f815 2007.0/x86_64/cups-serial-1.2.4-1.2mdv2007.0.x86_64.rpm
275f077df3d38e0d37c5c364dc213141 2007.0/x86_64/lib64cups2-1.2.4-1.2mdv2007.0.x86_64.rpm
9a1fb3565074c9f4094e66085f00cdcf 2007.0/x86_64/lib64cups2-devel-1.2.4-1.2mdv2007.0.x86_64.rpm
dd2efd3e7bd0fa76688331be58b41e61 2007.0/x86_64/php-cups-1.2.4-1.2mdv2007.0.x86_64.rpm
dfee0796289f4931ce50315338a9039a 2007.0/SRPMS/cups-1.2.4-1.2mdv2007.0.src.rpm

Corporate 3.0:
e1a992d26240a580991dac68aec96bff corporate/3.0/i586/cups-1.1.20-5.11.C30mdk.i586.rpm
098a0436371e4f2747f46739206c178f corporate/3.0/i586/cups-common-1.1.20-5.11.C30mdk.i586.rpm
03b7c186d7594edc6434851ee21f995a corporate/3.0/i586/cups-serial-1.1.20-5.11.C30mdk.i586.rpm
440f161baeb56539f78571be69ed70e2 corporate/3.0/i586/libcups2-1.1.20-5.11.C30mdk.i586.rpm
fb5996ef6a12ab6f290a7594fa3a3cb0 corporate/3.0/i586/libcups2-devel-1.1.20-5.11.C30mdk.i586.rpm
3c8b04f6b0af669313979cb23feddb6d corporate/3.0/SRPMS/cups-1.1.20-5.11.C30mdk.src.rpm

Corporate 3.0/X86_64:
86852aacc829b9efcd03b544a55fdca0 corporate/3.0/x86_64/cups-1.1.20-5.11.C30mdk.x86_64.rpm
ebd138190f39f88c1eace2aa522ea034 corporate/3.0/x86_64/cups-common-1.1.20-5.11.C30mdk.x86_64.rpm
3fad1b6fa25230cd0dcf078b8edd24ad corporate/3.0/x86_64/cups-serial-1.1.20-5.11.C30mdk.x86_64.rpm
35a7e3c3dee5397c703d4ced6be57138 corporate/3.0/x86_64/lib64cups2-1.1.20-5.11.C30mdk.x86_64.rpm
f1098a89091ab49d1a65c3827f222e45 corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.11.C30mdk.x86_64.rpm
3c8b04f6b0af669313979cb23feddb6d corporate/3.0/SRPMS/cups-1.1.20-5.11.C30mdk.src.rpm

Corporate 4.0:
73b593b17afd8c7d3e4df79e382c6bf9 corporate/4.0/i586/cups-1.2.4-0.2.20060mlcs4.i586.rpm
287de87164fd603d9233ea5dd2460878 corporate/4.0/i586/cups-common-1.2.4-0.2.20060mlcs4.i586.rpm
2f164f0d981a3f2cbfaedadc9b60ec82 corporate/4.0/i586/cups-serial-1.2.4-0.2.20060mlcs4.i586.rpm
f84b48d2c09d77d8a4a038724f90c8ce corporate/4.0/i586/libcups2-1.2.4-0.2.20060mlcs4.i586.rpm
092cb69b720a81b2fc8f8374eefde9b5 corporate/4.0/i586/libcups2-devel-1.2.4-0.2.20060mlcs4.i586.rpm
6fb17dd9e47a3f1fb081b0abeba74a21 corporate/4.0/i586/php-cups-1.2.4-0.2.20060mlcs4.i586.rpm
4aa9d021fb9ca6947ee0042842c0d9f7 corporate/4.0/SRPMS/cups-1.2.4-0.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
6910e854380e4bdfd873f030e6cf56a1 corporate/4.0/x86_64/cups-1.2.4-0.2.20060mlcs4.x86_64.rpm
3ea4c63c9a77d8853b31edc6b27cd947 corporate/4.0/x86_64/cups-common-1.2.4-0.2.20060mlcs4.x86_64.rpm
202a71ab90bd78c62b49bcfdb8f87e6d corporate/4.0/x86_64/cups-serial-1.2.4-0.2.20060mlcs4.x86_64.rpm
adbd7e8c128a869f72eec99f8ab2675c corporate/4.0/x86_64/lib64cups2-1.2.4-0.2.20060mlcs4.x86_64.rpm
3511b5438cb8539645853e125ce633d2 corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.2.20060mlcs4.x86_64.rpm
8ac429c561e74613ad99a90ca81bf081 corporate/4.0/x86_64/php-cups-1.2.4-0.2.20060mlcs4.x86_64.rpm
4aa9d021fb9ca6947ee0042842c0d9f7 corporate/4.0/SRPMS/cups-1.2.4-0.2.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGI84amqjQ0CJFipgRAgYDAJsGtmc+dDF4MVXsbIZ4yf8B5riUXwCg4IFQ
CgJu6KFTY1qUujdG8UgYemI=
=gZF6
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2007086__updated_cups_packages_fix_dos_vulnerability.html)